Chapter 24. NVIDIA Spectre V2 Mitigation

The NVIDIA Linux driver supports the retpoline Spectre V2 mitigation technique as identified by: https://software.intel.com/security-software-guidance/api-app/sites/default/files/Retpoline-A-Branch-Target-Injection-Mitigation.pdf

For Linux systems that define CONFIG_RETPOLINE, the NVIDIA driver yields to the kernel's implementation of Spectre V2 mitigation. When CONFIG_RETPOLINE is not defined, the NVIDIA Linux driver implements the retpoline thunk without the Spectre V2 mitigation.

Linux kernels that implement retpoline based Spectre V2 mitigation provide a kernel boot flag to enable or disable the feature. When enabled, users may notice a performance degradation. In order to recover performance, the user can disable the feature using the spectre_v2 boot flag (unsafe).

spectre_v2=off

If the Spectre V2 mitigation is necessary, some performance may be recovered by setting the NVreg_CheckPCIConfigSpace kernel module parameter to 0. This will disable the NVIDIA driver's sanity checks of GPU PCI config space at various entry points, which were originally required to detect and correct config space manipulation done by X server versions prior to 1.7.

NVreg_CheckPCIConfigSpace=0